r22

Reputation: 1

Federated identity between multiple instances of IdSrv3

Is it possible to do federated identity between multiple instances of IdSrv3 using OpenID Connect/OAuth2 in the following scenario?

Multiple instances of IdSrv3, called Local STS, running on different machines with some kind of chain of trust to a Central STS. The machines running the Local STS can go offline, and in that context the applications running on the local machines make calls to the local STS for a token and use that token while communicating with APIs on another server. The API Service, which is registered and connected to the Central STS, can validate and trust the token generated by a Local STS. Is it possible to do this setup with IdSrv3 or IdSrv4? Also, how can a chain of trust be established between the central and local STS?

Upvotes: 0

Views: 471

Answers (1)

leastprivilege

Reputation: 18482

That is absolutely possible - in IdentityServer you can add external providers via ASP.NET (Core) authentication middleware. For the "other" IdentityServer this becomes a normal client.

https://identityserver.github.io/Documentation/docsv2/configuration/identityProviders.html

Upvotes: 1
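The two halves of the setup the answer describes, for IdentityServer3 on OWIN/Katana, as an added example that is not from the answer or the IdentityServer documentation. Host names, the client id, the callback path, and the class and method names are constructed placeholders, and which instance acts as the upstream provider is an assumption.

```csharp
using System.Collections.Generic;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Hypothetical helper class; all URLs and ids below are placeholders.
public static class FederationConfig
{
    // On the IdentityServer acting as the external (upstream) provider:
    // the federating IdentityServer is registered as an ordinary OIDC client.
    public static IEnumerable<Client> UpstreamClients()
    {
        return new[]
        {
            new Client
            {
                ClientId = "federating-sts",
                ClientName = "Federating IdentityServer",
                Flow = Flows.Implicit,
                // Register only the exact callback URL of the federating instance.
                RedirectUris = new List<string> { "https://sts-b.example/core/upstreamcb" },
                // Grant only the identity scopes the federating instance needs.
                AllowedScopes = new List<string> { "openid", "profile" }
            }
        };
    }

    // On the federating IdentityServer: assign this to
    // IdentityServerOptions.AuthenticationOptions.
    public static AuthenticationOptions FederatingAuthOptions()
    {
        return new AuthenticationOptions { IdentityProviders = ConfigureIdentityProviders };
    }

    private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "upstream-sts",        // provider name inside IdentityServer
            Caption = "Upstream IdentityServer",        // label on the login page
            SignInAsAuthenticationType = signInAsType,  // hand the result back to IdentityServer
            Authority = "https://sts-a.example/core",   // HTTPS issuer; keys come from its discovery document
            ClientId = "federating-sts",
            RedirectUri = "https://sts-b.example/core/upstreamcb",
            ResponseType = "id_token",                  // identity only, matches Flows.Implicit
            Scope = "openid profile"
        });
    }
}
```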
